From 7854f39a86c4bf78f17a7df289d5d0ea3da75dac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= Date: Mon, 11 Jan 2021 11:56:09 +0000 Subject: [PATCH] Resolves: rhbz#1900686 CVE-2020-25713 malformed input file can lead to a segfault --- ...aptor2-malformed-input-file-can-lead.patch | 33 +++++++++++++++++++ raptor2.spec | 7 +++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch diff --git a/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch b/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch new file mode 100644 index 0000000..1fb279d --- /dev/null +++ b/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch @@ -0,0 +1,33 @@ +From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Tue, 24 Nov 2020 10:30:20 +0000 +Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a + segfault + +due to an out of bounds array access in +raptor_xml_writer_start_element_common + +See: +https://bugs.mageia.org/show_bug.cgi?id=27605 +https://www.openwall.com/lists/oss-security/2020/11/13/1 +https://gerrit.libreoffice.org/c/core/+/106249 +--- + src/raptor_xml_writer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c +index 56993dc3..4426d38c 100644 +--- a/src/raptor_xml_writer.c ++++ b/src/raptor_xml_writer.c +@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, + + /* check it wasn't an earlier declaration too */ + for(j = 0; j < nspace_declarations_count; j++) +- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { ++ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { + declare_me = 0; + break; + } +-- +2.28.0 + diff --git a/raptor2.spec b/raptor2.spec index 2668075..611bb29 100644 --- a/raptor2.spec +++ b/raptor2.spec @@ -2,7 +2,7 @@ Summary: RDF Parser Toolkit for Redland Name: raptor2 Version: 2.0.15 -Release: 26%{?dist} +Release: 27%{?dist} License: GPLv2+ or LGPLv2+ or ASL 2.0 Source: http://download.librdf.org/source/raptor2-%{version}.tar.gz @@ -11,6 +11,8 @@ URL: http://librdf.org/raptor/ ## upstream patches # https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f Patch1: 0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch +# https://bugs.librdf.org/mantis/view.php?id=650 +Patch2: 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch ## upstreamable patches @@ -99,6 +101,9 @@ make check %changelog +* Mon Jan 11 2021 Caolán McNamara - 2.0.15-27 +- Resolves: rhbz#1900686 CVE-2020-25713 malformed input file can lead to a segfault + * Mon Aug 10 2020 Caolán McNamara - 2.0.15-26 - Resolves: rhbz#1560206 drop requirement on yajl